resources:
- samba-ad-config.yaml
- samba-ad-deployment.yaml
- samba-ad-service.yaml
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: samba-container-config
# The domain admin and user passwords below are stored in plain text in this ConfigMap.
# The "nossl" globals entry sets "ldap server require strong auth = no",
# so the DC accepts simple LDAP binds without TLS.
data:
  config.json: |
    {
      "samba-container-config": "v0",
      "configs": {
        "samba-ad": {
          "globals": [ "noprinting", "nossl" ],
          "instance_features": [ "addc" ],
          "domain_settings": "sink",
          "instance_name": "dc1"
        }
      },
      "globals": {
        "noprinting": {
          "options": {
            "load printers": "no",
            "printing": "bsd",
            "printcap name": "/dev/null",
            "disable spoolss": "yes"
          }
        },
        "nossl": {
          "options": {
            "ldap server require strong auth": "no"
          }
        }
      },
      "domain_settings": {
        "sink": {
          "realm": "adqa.example.org",
          "short_domain": "ADQA",
          "admin_password": "Passw0rd"
        }
      },
      "domain_groups": {
        "sink": [
          { "name": "supervisors" },
          { "name": "employees" },
          { "name": "characters" },
          { "name": "bulk" }
        ]
      },
      "domain_users": {
        "sink": [
          {
            "name": "bwayne",
            "password": "1115Rose.",
            "given_name": "Bruce",
            "surname": "Wayne",
            "member_of": [
              "supervisors",
              "characters",
              "employees"
            ]
          },
          {
            "name": "ckent",
            "password": "1115Rose.",
            "given_name": "Clark",
            "surname": "Kent",
            "member_of": [
              "characters",
              "employees"
            ]
          }
        ]
      }
    }
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: samba-ad-deployment
  labels:
    app: samba-ad
spec:
  replicas: 1
  selector:
    matchLabels:
      app: samba-ad
  template:
    metadata:
      labels:
        app: samba-ad
    spec:
      containers:
        - name: samba-ad
          # Unpinned tag: the image version can change between pod restarts.
          image: quay.io/samba.org/samba-ad-server:latest
          securityContext:
            capabilities:
              # CAP_SYS_ADMIN is added on top of the runtime's default capability set.
              add: [ "SYS_ADMIN" ]
          resources:
            requests:
              cpu: 250m
          env:
            - name: SAMBACC_CONFIG
              value: /etc/samba-container/config.json
            - name: SAMBA_CONTAINER_ID
              value: samba-ad
          volumeMounts:
            - mountPath: "/etc/samba-container"
              name: samba-container-config
          ports:
            # https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage
            - containerPort: 53
              name: dns
            - containerPort: 135
              name: epm
              protocol: TCP
            - containerPort: 137
              name: netbios-ns
              protocol: UDP
            - containerPort: 138
              name: netbios-dgram
              protocol: UDP
            - containerPort: 139
              name: netbios-session
              protocol: TCP
            - containerPort: 389
              name: ldap
            - containerPort: 445
              name: smb
              protocol: TCP
            - containerPort: 464
              name: kerberos
            - containerPort: 636
              name: ldaps
              protocol: TCP
            - containerPort: 3268
              name: gc
              protocol: TCP
            - containerPort: 3269
              name: gc-ssl
              protocol: TCP
      volumes:
        - configMap:
            name: samba-container-config
          name: samba-container-config
        # Defined here but not mounted by the container above.
        - emptyDir:
            medium: Memory
          name: samba-sharedir
---
apiVersion: v1
kind: Service
metadata:
  name: samba-ad
  labels:
    app: samba-ad
spec:
  ports:
    # Publishes the DC's LDAP port 389 (no TLS) through the load balancer on port 1389.
    - name: samba-ad-ldap
      port: 1389
      targetPort: 389
  selector:
    app: samba-ad
  type: LoadBalancer
---
# Global parameters
[global]
	dns forwarder = 10.96.0.10
	netbios name = DC1
	realm = ADQA.EXAMPLE.ORG
	server role = active directory domain controller
	workgroup = ADQA
	idmap_ldb:use rfc2307 = yes

[sysvol]
	path = /var/lib/samba/sysvol
	read only = No

[netlogon]
	path = /var/lib/samba/sysvol/adqa.example.org/scripts
	read only = No

2022-05-30 01:53:39,970: INFO: Running AD DC container
2022-05-30 01:53:39,971: INFO: Provisioning domain: adqa.example.org
2022-05-30 01:53:39,971: INFO: Provisioning AD domain: realm=adqa.example.org
INFO 2022-05-30 01:53:40,152 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/__init__.py #2108: Looking up IPv4 addresses
INFO 2022-05-30 01:53:40,153 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/__init__.py #2125: Looking up IPv6 addresses
WARNING 2022-05-30 01:53:40,153 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/__init__.py #2132: No IPv6 address will be assigned
INFO 2022-05-30 01:53:40,431 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/__init__.py #2274: Setting up share.ldb
INFO 2022-05-30 01:53:40,471 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/__init__.py #2278: Setting up secrets.ldb
INFO 2022-05-30 01:53:40,496 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/__init__.py #2283: Setting up the registry
INFO 2022-05-30 01:53:40,649 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/__init__.py #2286: Setting up the privileges database
INFO 2022-05-30 01:53:40,708 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/__init__.py #2289: Setting up idmap db
INFO 2022-05-30 01:53:40,746 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/__init__.py #2296: Setting up SAM db
INFO 2022-05-30 01:53:40,753 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/__init__.py #880: Setting up sam.ldb partitions and settings
INFO 2022-05-30 01:53:40,754 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/__init__.py #892: Setting up sam.ldb rootDSE
INFO 2022-05-30 01:53:40,760 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/__init__.py #1305: Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs
INFO 2022-05-30 01:53:40,784 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/__init__.py #1383: Adding DomainDN: DC=adqa,DC=example,DC=org
INFO 2022-05-30 01:53:40,794 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/__init__.py #1415: Adding configuration container
INFO 2022-05-30 01:53:40,806 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/__init__.py #1430: Setting up sam.ldb schema
INFO 2022-05-30 01:53:43,555 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/__init__.py #1448: Setting up sam.ldb configuration data
INFO 2022-05-30 01:53:43,664 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/__init__.py #1489: Setting up display specifiers
INFO 2022-05-30 01:53:45,334 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/__init__.py #1497: Modifying display specifiers and extended rights
INFO 2022-05-30 01:53:45,366 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/__init__.py #1504: Adding users container
INFO 2022-05-30 01:53:45,368 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/__init__.py #1510: Modifying users container
INFO 2022-05-30 01:53:45,369 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/__init__.py #1513: Adding computers container
INFO 2022-05-30 01:53:45,370 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/__init__.py #1519: Modifying computers container
INFO 2022-05-30 01:53:45,372 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/__init__.py #1523: Setting up sam.ldb data
INFO 2022-05-30 01:53:45,474 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/__init__.py #1553: Setting up well known security principals
INFO 2022-05-30 01:53:45,515 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/__init__.py #1567: Setting up sam.ldb users and groups
dos charset 'CP850' unavailable - using ASCII
INFO 2022-05-30 01:53:45,575 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/__init__.py #1575: Setting up self join
Repacking database from v1 to v2 format (first record CN=Operating-System,CN=Schema,CN=Configuration,DC=adqa,DC=example,DC=org)
Repack: re-packed 10000 records so far
Repacking database from v1 to v2 format (first record CN=IntellimirrorGroup-Display,CN=416,CN=DisplaySpecifiers,CN=Configuration,DC=adqa,DC=example,DC=org)
Repacking database from v1 to v2 format (first record CN=7cfb016c-4f87-4406-8166-bd9df943947f,CN=Operations,CN=DomainUpdates,CN=System,DC=adqa,DC=example,DC=org)
INFO 2022-05-30 01:53:46,474 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/sambadns.py #1196: Adding DNS accounts
INFO 2022-05-30 01:53:46,505 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/sambadns.py #1230: Creating CN=MicrosoftDNS,CN=System,DC=adqa,DC=example,DC=org
INFO 2022-05-30 01:53:46,517 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/sambadns.py #1243: Creating DomainDnsZones and ForestDnsZones partitions
INFO 2022-05-30 01:53:46,565 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/sambadns.py #1248: Populating DomainDnsZones and ForestDnsZones partitions
Repacking database from v1 to v2 format (first record DC=j.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=adqa,DC=example,DC=org)
Repacking database from v1 to v2 format (first record DC=_ldap._tcp.gc,DC=_msdcs.adqa.example.org,CN=MicrosoftDNS,DC=ForestDnsZones,DC=adqa,DC=example,DC=org)
INFO 2022-05-30 01:53:46,761 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/__init__.py #2012: Setting up sam.ldb rootDSE marking as synchronized
INFO 2022-05-30 01:53:46,775 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/__init__.py #2017: Fixing provision GUIDs
INFO 2022-05-30 01:53:47,412 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/__init__.py #2342: The Kerberos KDC configuration for Samba AD is located at /var/lib/samba/private/kdc.conf
INFO 2022-05-30 01:53:47,413 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/__init__.py #2348: A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf
INFO 2022-05-30 01:53:47,413 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/__init__.py #2350: Merge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink!
INFO 2022-05-30 01:53:47,461 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/__init__.py #2082: Setting up fake yp server settings
INFO 2022-05-30 01:53:47,517 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/__init__.py #487: Once the above files are installed, your Samba AD server will be ready to use
INFO 2022-05-30 01:53:47,517 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/__init__.py #492: Server Role: active directory domain controller
INFO 2022-05-30 01:53:47,517 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/__init__.py #493: Hostname: samba-ad-deployment-74854f45dc-b6wvf
INFO 2022-05-30 01:53:47,517 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/__init__.py #494: NetBIOS Domain: ADQA
INFO 2022-05-30 01:53:47,518 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/__init__.py #495: DNS Domain: adqa.example.org
INFO 2022-05-30 01:53:47,518 pid:7 /usr/lib64/python3.10/site-packages/samba/provision/__init__.py #496: DOMAIN SID: S-1-5-21-712337385-115178982-1069480702
2022-05-30 01:53:47,544: INFO: Populating domain with default entries
2022-05-30 01:53:47,544: INFO: Creating group: 'supervisors'
Added group supervisors
2022-05-30 01:53:47,855: INFO: Creating group: 'employees'
Added group employees
2022-05-30 01:53:48,156: INFO: Creating group: 'characters'
Added group characters
2022-05-30 01:53:48,453: INFO: Creating group: 'bulk'
Added group bulk
2022-05-30 01:53:48,740: INFO: Creating user: 'bwayne'
User 'bwayne' added successfully
2022-05-30 01:53:49,086: INFO: Adding group members: ['samba-tool', 'group', 'addmembers', 'supervisors', 'bwayne']
Added members to group supervisors
2022-05-30 01:53:49,392: INFO: Adding group members: ['samba-tool', 'group', 'addmembers', 'characters', 'bwayne']
Added members to group characters
2022-05-30 01:53:49,690: INFO: Adding group members: ['samba-tool', 'group', 'addmembers', 'employees', 'bwayne']
Added members to group employees
2022-05-30 01:53:49,987: INFO: Creating user: 'ckent'
User 'ckent' added successfully
2022-05-30 01:53:50,317: INFO: Adding group members: ['samba-tool', 'group', 'addmembers', 'characters', 'ckent']
Added members to group characters
2022-05-30 01:53:50,603: INFO: Adding group members: ['samba-tool', 'group', 'addmembers', 'employees', 'ckent']
Added members to group employees
2022-05-30 01:53:50,906: INFO: Starting samba server